SonicWALL VPN Configuration

Table of Contents

Overview
Enable VPN for Users
Export and Import Required Certificates
Export Computer Certificate
Import Certificates into SonicWALL GVC
Configured Connections in SonicWALL GVC

Copyright © 2019 Parts Authority. All rights reserved.


Overview
This document provides step-by-step instructions to enable VPN for users. This document is intended
for Parts Authority IT staff only.
1. Enable VPN privileges in Active Directory (Okta) – approx. time to complete 2 minutes
2. Export and import required certificates – approx. time to complete 2 minutes
3. Configure SonicWALL GVC connections – approx. time to complete 5 minutes
4. Connect to VPN – approx. time to complete 5 minutes

Enable VPN For Users


User authentication is based on Active Directory (Okta) group membership. Two groups are available:

1. “APP-VPN Users” - for all users, provides access to standard internal devices such as DST,
PAReps, DNS, mapped drives, etc.
2. “APP-VPN IT Users” – ONLY for IT staff, provides full network access.

If an individual user requires more access than the standard APP-VPN provides, this can be provided to
the individual user by the Network Team.

1. Login to Okta with Administrative privileges, select “Admin”

2. Select “Directory>People”

3. Search then select the user account.

4. In “Groups” search for “APP-VPN Users”, then “Add”.

5. The group will now appear in the user's group list.

Export and Import Required Certificates


SonicWALL GVC client will use a certificate issued by our Enterprise CA to validate the computer account
before requiring user AD credentials to complete the authentication process. The following certificates
are required:

1. Parts Authority Root CA – this is our public certificate for our Enterprise Certificate Authority
(CA). This CA is the root (highest level) in the PKI chain of trust.
2. Parts Authority Intermediate CA – this is our public certificate for our Intermediate Certificate
Authority (CA). This CA issues the certificate to the domain users and computers.
3. Computer certificate – this is the certificate issued by our Int CA

Download Certificates
Download CA certificates from Google Drive and extract them to the user’s laptop.

Zip file contains two certificate files

Export Computer Certificate


Export computer certificate using MMC Certificate Manager. (Advanced: to skip steps 1-6, run “certlm”
instead of “mmc” from the command line)

PA - Export Computer Certificate

1. Run MMC from local machine using Administrator account (domain or local).

2. Select “File>Add/Remove Snap-in”

3. Select “Certificates” then “Add >”

4. Select “Computer account”, Next.

5. Select “Local Computer”, Finish.

6. Select “OK”

7. Expand “Certificates – Local Computer”

8. Select “Personal > Certificates”

9. Find certificate with “Issued To” as the name of the computer, right-click and “Export”

10. Select “Yes, export the private key”, Next.

11. Keep defaults, Next.

12. Select “Password” radio button, and create a password only you know.

13. Save the certificate file in the same folder where the Root and Intermediate CA certificates are
located. (Note: the file name can be anything you want.)

14. Select Finish

15. You will see a success message.

16. Close MMC, choose “No” when asked to save settings.

17. You should now have all three required certificates in the VPN_certs folder.
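
The same export can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original Parts Authority document; the folder path is a placeholder, and matching the certificate on the computer name is an assumption about how its “Issued To” field is populated.

```powershell
#requires -RunAsAdministrator
# Added example: scripted counterpart of the MMC export steps (not from the original document).
$OutDir  = 'C:\Path\To\VPN_certs'   # ASSUMPTION: placeholder for the folder holding the CA certificates
$PfxPath = Join-Path $OutDir "$env:COMPUTERNAME.pfx"   # the file name can be anything

if (-not (Test-Path -Path $OutDir -PathType Container)) {
    throw "Folder not found: $OutDir"
}

# Local Computer > Personal > Certificates, filtered to certificates "Issued To" this computer.
# ASSUMPTION: the subject name starts with the computer name (short name or FQDN).
$now = Get-Date
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.GetNameInfo('SimpleName', $false) -like "$env:COMPUTERNAME*" -and
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now
})

if ($candidates.Count -eq 0) {
    throw "No valid certificate with a private key is issued to $env:COMPUTERNAME."
}

# If several match (for example after a renewal), take the one that expires last.
$cert = $candidates | Sort-Object -Property NotAfter -Descending | Select-Object -First 1

# Show what is about to be exported so the issuer can be checked against the Intermediate CA.
$cert | Format-List -Property Subject, Issuer, Thumbprint, NotAfter | Out-Host

# Prompt for the export password; it is never written to the script or the console.
$password = Read-Host -Prompt 'Password for the exported certificate' -AsSecureString

# Fails if the private key was issued as non-exportable.
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $password | Out-Null
Write-Host "Exported $($cert.Thumbprint) to $PfxPath"
```

The resulting .pfx file holds the computer's private key, so remove it from the folder once it has been imported into GVC.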

Import Certificates into SonicWALL GVC


Import Root CA, Int CA, and Computer certificates.

1. Launch SonicWALL GVC (Note: if any connections already exist, DELETE ALL)

2. View>Certificates

(No certificates will exist)

3. Select “Import”, and browse to the computer certificate you exported earlier, and enter the
password you created.

4. Certificate will display in the “User Certificates” Group

5. Import the Root CA certificate

6. Import the Intermediate CA certificate.

Configured Connections in SonicWALL GVC


Add the primary and backup VPN connections.

1. Select “+” to open the New Connection Wizard.

2. Next

3. Create “vpn-04.panetny.com” with Connection Name “Primary VPN – NY”

4. Create “vpn-06.panetny.com” with Connection Name “Backup VPN – MN”

5. You will have two connections available; enable “Primary VPN – NY”.

6. You will be asked to select a certificate to use as the computer’s identity, select “OK”
Note: This step will only be required one time.

7. Ask the user to enter their domain (Okta) credentials.

8. Select “OK”

9. You will be connected. Test DST, PAReps, etc.

10. Disable connection and repeat steps 5-8 for “Backup VPN – MN”
